PDA

View Full Version : Can not open desktop icons with double click


jonathan
10-02-2005, 02:49 AM
Hello All,

My daughters laptop will not open the desktop icons with a double click any more. I have done the usual things, checked for spyware, and viruses, and I did a defrag, and disk clean up. The icons open ok with a right click and then using the open command.

It is an HP pavillion ze4200, 256 mgeg of ram, windows XP home. Adaware SE, XSoft, AVG antivirus.

Any help will be most welcome.
Thank you,
jonathan

Ed Hart
10-02-2005, 02:59 AM
jonathan, possible the shortcuts developed a glitch? Create new ones and try again.
HTH. :)
Ed.

Sunny
10-02-2005, 06:01 AM
Have you tried rebooting? That solves the problem most of the time.

jonathan
10-02-2005, 05:12 PM
Hello All,

Rebooting doesn't seem to change anything. Once opened everythings seems to work OK. Nothing else seems wrong with the system. All the scans that I did came back normal.
Take Care,
Jonathan

Sunny
10-02-2005, 05:31 PM
Have you tried another mouse?

Go to Control panel, mouse. Make sure that the left click is not disabled.

MrBill
10-02-2005, 07:21 PM
Try going to Start/Control Panel/Folder Options and near the bottom in Click items as follows Put a tic in Single-click to open an item(point to select) click APPLY then OK and get out of there and see if this helps.

jonathan
10-02-2005, 07:42 PM
Thank you for the ideas. I haven't been using a mouse since she just uses the pad on the laptop. I did try setting it for single click, but that didnt' change anything. It seems that some things will open when double clicked but most things won't. Again, everything will open if you right click and choose Open.
Any more ideas are greatly appreciated.

Thanks for the help, I will keep playing with it.
Take Care,
Jonathan

sharber60
10-02-2005, 07:54 PM
Maybe an update to the touchpad?

Driver - Keyboard, Mouse and Input Devices Date Version Previous Size

Registry Update for Synaptics Touchpad Driver

04-2004 1.00 - 316.19k

Synaptics Touchpad Driver with Hardware Scroll

11-2003 7.5.3.8 Version
6.49M

Notebooks One-Touch Buttons Support Software

02-2003 1.00 C Version
871.27k
http://h10025.www1.hp.com/ewfrf/wc/softwareList?dlc=en&lc=en&product=353949&cc=us&os=228

jonathan
10-03-2005, 09:59 PM
Thank you all for the help so far.

It turns out that the problem may be much bigger than I thought.

Working on the kids laptop last night, and this evening, I found a virus and two trojans. I believe that I was able to delete/remove these using AVG free personal edition, and running Adaware SE, and Xsoft.
Windows task manager still seems to show to much CPU usage in my option, around 10 to 15 or 20 percent. I now do not get any virus messages from AVG on start up, but the icons on the desktop still will not start with a double click.

I have re-read Crocketts earlier post on stopping a high jacked browser and the steps to recover the system, and have done almost all the things that he talked about. Great post Crockett!

My thinking is that the daughters laptop still has problems, and I am thinking of doing a Highjack this log.
Is it ok to post it here, or should I use another website that specializes in HJT logs? Castle Cops comes to mind.

I would rather not reformat if I can help it. Never fun to lose everything and start over. The kid as a lot of music on her hard drive. It is still working ok for now, but I am really sure that it still has some issues.

Any thoughts are most welcome, and thank you all in advance.
Take Care,
Jonathan

Crockett
10-03-2005, 10:12 PM
Post it here, please.
What have you done and found out so far?

Wrong #
10-03-2005, 10:20 PM
Change the speed of the double click faster/slower and see it it works.

MrBill
10-03-2005, 10:28 PM
I agree on posting it hear. Will get good and fast results...

Chappy
10-03-2005, 11:20 PM
What happens if you remake the shortcuts?

Try this by going to your Program files folder, opening one of the programs folder's, and right-click the program .exe icon and select "send to" - desktop (create shortcut).

Now go back to the desktop and dbl-clk the new icon....does this work?

Also try right clicking one of the desktop icons that doesn't work and select properties. Now in the shortcut tab, click "Find Target". This should open the program's folder with the .exe highlighted, if it doesn't then the shortcut icon is not set properly and needs to be redone.

jonathan
10-03-2005, 11:26 PM
Crockett,

So far I have updated and ran AVG, Adaware SE, and Xsoft, all several times.
I downloaded and ran CW Shredder and it found one item. Sorry I did not write down what that one was that was removed.

Virus' found were IRC/BackDoor.flood, and Mylove\ v1r5. The trojan was Collected.5.L The trojan was hard to remove and I had to run AVG about four times to get rid of it, if I did get rid of it.

I found a file using msconfig start up that was called, lock1.exe which I disabled. That made the system boot up much faster, but it has not been found or deleted by any other program that I know of.

I have at this point not yet downloaded, or used, Ewido Security Suite, or Find_It_s.zip.

System Restore seems have been disabled as I am not able to open it.

I have now put HJT on the laptop and I will send it. I have read the turtorial and think that I have done things correctly. Let me know if I did not. It will be sent in the next message.

Thanks so much for all your help.
jonathan

jonathan
10-03-2005, 11:31 PM
High Jack This Log,

Crockett
10-03-2005, 11:41 PM
I have read the turtorial and think that I have done things correctly. Let me know if I did not. It will be sent in the next message.

Thanks so much for all your help.
jonathan
You did great, Jonathon. Hang on a bit.

jonathan
10-03-2005, 11:43 PM
You might also want the start up files, sorry that I didn't do that. Here they come.

Chappy
10-03-2005, 11:47 PM
While you're waiting for Crockett to finish your log, try my suggestions and post the results.

This problem may, or may not be related to any spyware or virus troubles you're having, so lets try other things too.

jonathan
10-03-2005, 11:48 PM
Will do Chappy!
Give me a few moments and then I will be back.
Thank,
Jonathan

jonathan
10-04-2005, 12:01 AM
Hey Chappy,

I tryed your advice, but the shortcut I made still would not open. The .exe wasn't highlighted and didn't show up using find target. Thank you for the info. It would seem that I still might have a bigger problem than I thought when I first started this thread.

Take Care,
Jonathan

Crockett
10-04-2005, 12:10 AM
Found a couple things that may be the cause.

Make sure your computer is set to show hidden files and folders. (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339?Open&src=ent&docid=2002092514302348&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl=)

Press Crtl-Alt-Delete to bring up the Task Manager and under the Processes tab, hi-light and END PROCESS on:

c4nn0t.exe

With all other windows closed, including Internet Explorer, run HijackThis again and get it to fix the following entries if present:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime ...not necessary
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k ....not necessary
O4 - HKLM\..\Run: [SECRETSERVICE] C:\Program Files\My Love\c4nn0t.exe
O4 - HKLM\..\RunServices: [strtas] lock1.exe W32/sdbot-SDQ worm (http://www.sophos.com/virusinfo/analyses/w32sdbotadq.html)

Reboot into Safe Mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&
src=sec_doc_nam).

Go to Add/Remove programs and look for any of these entries to delete (if not under that name, it's important that you list any weird entries):
My Love

Using Windows Explorer (Start > All Programs > Accessories), navigate your way to the following pathways, deleting the bold entries, if present:
C:\Program Files\My Love

Go to Start | Run and type in the box: cleanmgr. Press 'OK'. Let it scan your system for files to remove. Make sure these 3 are checked and then press "ok" to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Reboot into normal mode and post another log. We'll worry about purging System Restore when you're clean and back to normal.

Chappy
10-04-2005, 12:15 AM
Lets set the target for the shortcut, and see if that works.

Open one of the programs folders in Program folders file, highlight the exe icon and copy the exact path from the title bar.
Now go to that program's shortcut icon on hte desktop, rhgt-clk and select props - shortcut tab, and paste the path into the Target box, surround it with quotes.

Eg:

"C:\Program files\Internet Explorer\IEXPLORE.exe"

Make sure the "Target Type" says Application, then click OK and try it again.

jonathan
10-04-2005, 01:17 AM
Hey Crockett!

Thank you so much for taking the time to help me out. I can't tell you how great it is to have such good help. You are the best!
I did the changes with High Jack This, and every thing seems to work well. I still can not do a double click and get icons to open on the desktop, but at least the trojans are gone. The My Love trojan/virus seemed to be doing the most damage. I will attach the new HJT file.

Let me know what else I should do. I will do it tomorrow as it is late here and I have to go to work tomorrow morning.

Thanks for all your help,
Jonathan

Remember: A friend will help you move, but a true friend will help you move a body.

jonathan
10-04-2005, 01:28 AM
Chappy,
I will give that a try tomorrow when I can have the kids laptop once again. Thanks for your help. The kids laptop still has problems so I will let all you know the outcome.
Take Care,
Jonathan

Crockett
10-04-2005, 08:03 AM
Your log is now clean, Jonathon, so now we need to be looking somewhere else.
I wonder if the Synaptics touchpad (http://www.synaptics.com/press/pr_detail.cfm?id=97) may have something to do with it.
What happens when you try clicking in safe mode?

Chappy
10-04-2005, 03:35 PM
Your log is now clean, Jonathon, so now we need to be looking somewhere else.
I wonder if the Synaptics touchpad (http://www.synaptics.com/press/pr_detail.cfm?id=97) may have something to do with it.
What happens when you try clicking in safe mode?

Hi Crockett

Yah, thats what I've been trying to get going alongside of the HJT log work, figured while you were busy with the log, I'ld go on a sidebar with the OP on this problem. Most likely not the result of an infection, but you never know with some nasties eh...

Good work on the HJT log, couple of bad guys in there that needed removal ASAP.
I recall a similar prob to this back at TTV once, but I can't remember exactly what the fix ended up being.....dang. For some reason, I keep thinking that making a new .exe entry in Folder options/File types list, and reassociate it with Application, may have worked.
Oh well, we'll find this one soon enough I bet.

Later Crockett
;)

lostkiwi
10-04-2005, 06:30 PM
Just a quick thanks to Wrong#, my son has had the same problem on his desktop pc, only way to open any desktop icons was right click>open. I tried slowing down the mouse speed and now, (for the first time) it is working. Thank you.

(Sorry, didn't mean to butt in, however I had been following this with interest and hoping for a solution)

Chappy
10-04-2005, 06:38 PM
Just a quick thanks to Wrong#, my son has had the same problem on his desktop pc, only way to open any desktop icons was right click>open. I tried slowing down the mouse speed and now, (for the first time) it is working. Thank you.

(Sorry, didn't mean to butt in, however I had been following this with interest and hoping for a solution)

No need for sorry lostkiwi, in fact, we encourage others to post with little tips such as this....it just may work!! Some touchpads are notoriously fickle, and the fix could be as simple as slowing down the rhgt-clk speed.

Wrong #
10-04-2005, 06:54 PM
Just a quick thanks to Wrong#, Thank you.

(Sorry, didn't mean to butt in, however I had been following this with interest and hoping for a solution)

You are welcome, and jump in any time..

jonathan
10-04-2005, 07:57 PM
Good evening to all;

Here is an update to where things stand as of today.

I have rechecked the laptop. AVG still comes up with the trojan called Collected.5.L I have googled this and the only thing that I have really found to remove it is using a HJT log. Which of course Crockett was nice enough to me with last night.
I have not put Sybot Search and Destroy on this machine yet, should I?

System restore still will not open at all, but I have not tryed it in Safe Mode.
The kid tells me that iTunes will not open either.
The security center now will open, as it would not before.
I tryed slowing down the mouse/touch pad, click speed with no sucess.

Interestingly I can do a double click once any for my folders are open, ie: My documents, and everything will open normally with the double click.

The system starts up much faster now that I did the HJT removals, and I do not get any warning screens on start up. Still can connect to the internet.

CPU useage shown with task manager is now showing low useage when idle, about 1%, as I think it should be.

I had an old copy of Stinger, by McAfee, March 2005, that I ran this evening
it didn't seem to find anything except for spening a really long time on
C:\SWSETUP\Quicken\setupdlx\Disk1\Data1.cab\ Interesting only in the fact that quicken is not on the compter and never has been to my knowledge.

I am trying to post any thing that I think might be useful to all of you.
I really appreciate all the ideas and help.

How do you think that I should proceed at this point? I am thinking of doing a complete system restore at some point, but I want to pick up a external hard drive first so I can back up all the music files that are on the computer.
Really hate to do a full restore if there is any way around it.

Thanks again and I will look forward to hearing from anyone with ideas,
Jonathan

MrBill
10-04-2005, 08:21 PM
Yes for Sypbot S&D. CLICK (http://www.majorgeeks.com/downloadget.php?id=2471&file=9&evp=2470f9bfb0cc682334ff8c4459556118) for Spybot. Another good one also at the same time is SpywareBlaster CLICK (http://www.majorgeeks.com/downloadget.php?id=2859&file=12&evp=61b0e8ad41924a03c37615f4682b4cef)
and also a2Squared trojan remover CLICK (http://www.emsisoft.com/en/) . Remember to update these immediately then run them. Spybot and SpywareBlaster have an Immunize section to help block the nasties...

Chappy
10-04-2005, 08:27 PM
Hi Jonathan

Try this fix from Kelly's Korner
Fix EXE (http://www.kellys-korner-xp.com/xp_tweaks.htm) line #12

It re-associates .exe links, which I think may be the problem here based on what is happening now. I can show you a manual way to do this, but this one is much easier for you.

Crockett
10-04-2005, 08:32 PM
When I left you, your log was clean and nothing bad was left behind.
Are you sure AVG was not finding that trojan inside System Volume Information (System Restore)? If it is in there, no worry as we left that alone on purpose. If not, where is it?
I asked you to go into safe mode and try your clicks? If it works in safe mode you have software causing this.
...and report back with trying that and post me another log. Make sure nothing extra is running. Close email, browsers and get off the net.

jonathan
10-04-2005, 09:00 PM
Thanks Bill and Chappy,

I will add Sybot Search and Destory after the kid gets done doing her homework.

Chappy, I think that I will do a registry back up before trying this. I kind of looked over the information. Seems to have a lot of changes to HYKEY_CLASSES_ROOT. Is this to change they way the .exe is used with the keyboard touch pad? I am not sure how you came to the conclusion to use this file to edit the registry. Curious minds like mine like to know these things.

I am still thinking that this computer still has an issue with a trojan, or possibly a virus. Of course I am still just guessing here. Are you thinking that it may just be an error in the registry? As I said in another post I am not a fan of registy editing, but maybe in this case it would be worth a try if you know a good one. I am more than willing to give it a try.
Thanks for all the help.
Take Care,
Jonathan

jonathan
10-04-2005, 09:51 PM
Good evening Crockett,

AVG most likely is still finding it in System Restore. Since as you know I have not been able to disable restore points because it will not open.

I did go to Safe Mode and tryed double clicking. Double clicking on the icons in Safe Mode does not open icons/programs.

I can post another log for you to look at in just a little while. My daughter is doing some homework on it a the moment. High schools these days require all reports to be done with word processers. How times have changed since I was in school.

I will post a new log as soon as possible. It should be posted here in less than twenty minutes. Sorry for the delay. I will be sure that everything is closed.

Thanks for the help, and I am very interested in seeing where you are wanting to head to now that the log has been repaired.
Jonathan

Crockett
10-04-2005, 09:56 PM
AVG most likely is still finding it in System Restore. Since as you know I have not been able to disable restore points because it will not open.
That is not a good thing that it doesn't work. Nasties inside system restore cannot cause havoc unless the administrator uses system restore to bring them back. Think of them as being in jail. They can't harm your computer. So as to why it's not working is a mystery unless the trojan is elsewhere. AVG would have told you the pathway to it's location?

jonathan
10-04-2005, 10:01 PM
I will use AVG again and look for the path and post it for you, as well as the new log file.

Crockett
10-04-2005, 10:10 PM
:cool: While you're at it, please do this free on-line scan Ewido Online Scan (http://www.ewido.net/en/onlinescan/)

jonathan
10-04-2005, 10:30 PM
Crockett, doing the online ewido scan right now. Seems have found a lot of things.

Crockett
10-04-2005, 10:33 PM
Crockett, doing the online ewido scan right now. Seems have found a lot of things.
Tell me what and where it finds stuff before you let it delete them, if it allows that.

jonathan
10-04-2005, 10:58 PM
I am attaching the file the ewido scanned. Should I go ahead and fix?

jonathan
10-04-2005, 11:01 PM
I am attaching the file the ewido scanned. Should I go ahead and fix? Sorry invalid file. must be a wrong extension. It looks like I can't attach it.

Crockett
10-04-2005, 11:13 PM
Don't attach the file. Just tell me what it's called and where it is.

jonathan
10-04-2005, 11:17 PM
I have been trying to post the log from ewido, but so far no luck. I had to switch to IE to do the scan. From here I have not been able to attach the file that I saved.

Jonathan

ewido security suite online scanner
http://www.ewido.net
__________________________________________________


Name: Spyware.Cookie.Specificclick
Path: C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
Risk: Medium

Name: Spyware.Cookie.Atdmt
Path: C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
Risk: Medium

Name: Spyware.Cookie.Burstnet
Path: C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
Risk: Medium

Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Risk: Medium

Name: Spyware.Cookie.Adjuggler
Path: C:\Documents and Settings\Owner\Cookies\owner@rotator.dex.adjuggler[2].txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[1].txt
Risk: Medium

Name: Spyware.Cookie.Adjuggler
Path: C:\Documents and Settings\Owner\Cookies\owner@thunderbolt.adjuggler[1].txt
Risk: Medium

Name: Spyware.Cookie.Burstbeacon
Path: C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt
Risk: Medium

Name: Spyware.Cookie.Burstnet
Path: C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt
Risk: Medium

Name: Spyware.MiniBug
Path: HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
Risk: High

Name: Spyware.MiniBug
Path: HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTr ansporterX\CLSID\\
Risk: High

Name: Spyware.MiniBug
Path: HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTr ansporterX.1\CLSID\\
Risk: High

Name: Spyware.MyWebSearch
Path: HKU\S-1-5-21-1384227911-4054854769-3923631982-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Risk: High

Name: Spyware.Cookie.Doubleclick
Path: :mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Burstnet
Path: :mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Burstbeacon
Path: :mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Bluestreak
Path: :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Burstnet
Path: :mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Burstnet
Path: :mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: :mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: :mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: :mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: :mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: :mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: :mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: :mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.7search
Path: :mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.7search
Path: :mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Googleadservices
Path: :mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Com
Path: :mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Com
Path: :mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Atdmt
Path: :mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Questionmarket
Path: :mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Hitbox
Path: :mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Hitbox
Path: :mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Hitbox
Path: :mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Valueclick
Path: :mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Valueclick
Path: :mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Targetnet
Path: :mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Fastclick
Path: :mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Adserver
Path: :mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Adserver
Path: :mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Statcounter
Path: :mozilla.129:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Trafficmp
Path: :mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Trafficmp
Path: :mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

Name: Spyware.Cookie.Pointroll
Path: :mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\q77k3meg.slt\cookies .txt
Risk: Medium

jonathan
10-04-2005, 11:19 PM
I am very sorry about pasting such a long file. I won't do that again.

Jon

jonathan
10-04-2005, 11:24 PM
left out these three files.

Name: Spyware.MyWebSearch
Path: C:\Documents and Settings\Owner\My Documents\SmileyCentralSetup2.0.3.20.exe
Risk: High

Name: Spyware.Wheaterbug
Path: C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Risk: High

Name: Trojan.Pakes
Path: C:\WINDOWS\system32\lock1.exe
Risk: High

Crockett
10-04-2005, 11:25 PM
You can have it get rid of all those tracking cookies.
These 3 entries:
Name: Spyware.MiniBug
Path: HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
Risk: High

Name: Spyware.MiniBug
Path: HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTr ansporterX\CLSID\\
Risk: High

Name: Spyware.MiniBug
Path: HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTr ansporterX.1\CLSID\\
Risk: High

I believe are associated with WeatherBug. WeatherBug is one of those questionable programs. It is Adware, but not really defined as spyware. Your choice to remove or not.

Crockett
10-05-2005, 12:17 AM
left out these three files.

Name: Spyware.MyWebSearch
Path: C:\Documents and Settings\Owner\My Documents\SmileyCentralSetup2.0.3.20.exe
Risk: High

Name: Spyware.Wheaterbug
Path: C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Risk: High

Name: Trojan.Pakes
Path: C:\WINDOWS\system32\lock1.exe
Risk: High
The 1st and third can go. Middle one is up to you.

jonathan
10-05-2005, 12:31 AM
I went ahead and deleted all of them. The computer still works fine, but still has the same interesting problems. You have been great helping me out with this, but I do believe that the best and easiest thing to do at this point is to back it up and do a full restore.

Everything that you told me worked great! and I don't think that there is anything really wrong with it at this point. Just kind of a pain not to be able to double click. Thank you so much for all your hard work and sticking with me concerning this problem.

Let me know if there is anything else you would still be interested in trying. I can still post another HJT log if you would like to look at it. I will not be doing any reformat until at least the weekend. I am in no hurry.

Your friend,
jonathan

jonathan
10-05-2005, 12:46 AM
Thanks to Crockett, Bill, Chappy, and everyone that has helped out trying to fix this problem for me. I looks like a lot of other interested people were keeping track of this problem, and my progress.

Trying our best was fun and made for some interesting posts.

Just to let you all know the outcome, barring any thing that fixes the problems . I will be picking up an external hard drive soon to back up the music files that my daughter has on the computer. At that point I do believe the easiest and best thing to do is to reformat the drive and start over. If the double click problem should for some weird reason still be there then I will let you know.

It has been a most interesting learning experience for me, and I really have learned a lot about computers and trojans and virues'.

Take Care,
Jonathan

Crockett
10-05-2005, 12:48 AM
Post me another log and I'll look at it in the morning. Don't be mindset on reformatting just yet. Nasties we can get rid of. The mouse thing should be solved.

Chappy
10-05-2005, 07:21 PM
Thanks Bill and Chappy,

I will add Sybot Search and Destory after the kid gets done doing her homework.

Chappy, I think that I will do a registry back up before trying this. I kind of looked over the information. Seems to have a lot of changes to HYKEY_CLASSES_ROOT. Is this to change they way the .exe is used with the keyboard touch pad? I am not sure how you came to the conclusion to use this file to edit the registry. Curious minds like mine like to know these things.

I am still thinking that this computer still has an issue with a trojan, or possibly a virus. Of course I am still just guessing here. Are you thinking that it may just be an error in the registry? As I said in another post I am not a fan of registy editing, but maybe in this case it would be worth a try if you know a good one. I am more than willing to give it a try.
Thanks for all the help.
Take Care,
Jonathan

Its completely safe to run this script, even if it does not turn out to be the problem.
What happens is that the association to open .exe files as application is lost, and this script reassociates it properly. When the exe file asoc. doesn't work, you get the same result that you see now, they will not open or run. This script simply remakes all the needed registry keys that look after this, so if they're all ok to start with, nothing is changed, but if they've gotten messed up this fixes them.

jonathan
10-05-2005, 10:08 PM
Hey Crockett and Chappy,

I will post a new log of you later this evening Crockett, or it might be possibly as late as tomorrow afternoon. We will see what else we can do with this computer.

Chappy, thanks for the explaination or what the script does. I will give it a try.

Take Care,
Jonathan

jonathan
10-05-2005, 11:54 PM
Hey Crockett,

Here is the new HJT log file. It seems very much shorter than when we started this whole process.

I hope it will help with our continued search to the problem.

Thanks,
Jonathan

Crockett
10-05-2005, 11:59 PM
That log is clean too, Johnathon.
Try what Chappy has asked of you.

MrBill
10-05-2005, 11:59 PM
Was that a copy and paste on the Wheather Bug which should be spelled Weather Bug?

jonathan
10-06-2005, 12:06 AM
Thanks Crockett and Bill.

I thought that this log looked very clean also. I will try Chappys advice in a few minutes.

Bill, I noticed that the Weather Bug program was also "Mis-spelled" I did not copy and paste. I sent it attached right from the file that I saved it to, in the HJT log file.

Jonathan

Crockett
10-06-2005, 12:09 AM
Weatherbug is not listed as spyware by any Anti-spyware apps, BUT some of the AntiVirus apps will flag it as Adware because it displays ads. It isn't causing this.

jonathan
10-06-2005, 12:43 AM
Thanks!! Crockett, Chappy, Bill, and everyone else who helped with this problem.

I am happy to report that the kids laptop is now working correctly. Double clicking on icons is working once again.

After having Crockett help me remove all the trojans and spyware, and being so great about reading my HighJack This logs, and Chappy giving me such great advice as to how to restore the registry, and knowing that it might just might be a registry problem, once again all things are well here.

The Kelly's Korner xp reg edits advice worked like a charm Chappy.

I can not thank you enough Crockett, and Chappy, for being of such great help! You both are able to see how to repair these computers that we all can not live with out anymore, and give the advice in laymans terms.

Without you both of you I would have had to do a full restore. Let me know if I can be of help to any of you in the future. Thanks for sticking with me and for a job really well done.

Be Well and Take Care,
Jonathan

Crockett
10-06-2005, 12:47 AM
I'm glad it's healed. :)

Now you need to turn off and reboot then turn on System Restore to empty it out and start fresh so you don't bring back any nasties.
Click (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam)

Chappy
10-07-2005, 01:37 PM
Well done Jonathan!

We're glad to be of service, and I know I can speak for Crockett here too when I say that we do this for you guys, thats why we stick with it.

I had a feeling that the .exe assoc. in the Registry was buggered right from the start, but I wanted to see how manual attempts would work first, and make sure it wasn't just a case of needing to rebuild your shortcuts.

Follow Crockett's finishing advice, nasties hide themselves inside your restore points, so deleting them is very important!!

Take Care!

jonathan
10-07-2005, 08:57 PM
Chappy!

I did follow up with Crocketts advice. All the restore points are gone.
You really did hit the nail on the head when it came to the .exe associations.

Thanks for all the help, and keep up the all the good work.
Take Care,
Jonathan